[SECURITY] [DLA 2612-1] leptonlib security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2612-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
March 31, 2021 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : leptonlib
Version : 1.74.1-1+deb9u1
CVE ID : CVE-2020-36277 CVE-2020-36278 CVE-2020-36279
CVE-2020-36281
Several issues have been found by ClusterFuzz in leptonlib, an image
processing library.
All issues are related to heap-based buffer over-read in several functions
or a denial of service (application crash) with crafted data.
For Debian 9 stretch, these problems have been fixed in version
1.74.1-1+deb9u1.
We recommend that you upgrade your leptonlib packages.
For the detailed security status of leptonlib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/leptonlib
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmBkSm5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfSQg/9FkAuELdli9UuNDYzdbuKFFmFJAw2XpkceRIVZQ+16H70jdRyG65Dr0UR
U5QliprrcoDkjQhw0+YEgaD9qEgNqoCmDQVgCw9uuKzPcLpTABYmU20sajddWbY6
AUNMigfAa5UE4u1RDCee/gohUEN3mR5P0esvf4qT47E/anUYClxOu+T5Wflx4jah
04xmQwouYOfWSPqaaYeQ3XEMsngLCwe/YQBHDebCwb2+crVxJkhbsN2FdQDbJygo
MNSDVPb8g8+vdfXpJ+F6Kiw223rLJK/52zju3gek5+H2Fw/hHHx6r01cTpkdIb5w
5LagUcuW/ntvriPaYAsNipQp9V1q2MdO9dN6grku7cakF9lPPixWaZyk2nHSGMa7
WuUMswyWY73GtKf9oM6xhs6JWuTrBpf/7P6zBFdNxgH6aPfDxwja8i8ubz9m9otn
MmUruyjtYK44YYmGN4KnmHzNQs+kfQO2IzKzk5fNOdayCeIBvxhddLCDKwyPKyBg
VCu32aE9Kff5x7kiRiEG0Wuv9569zRuh+fNws4NzMdkfKvdfLdLd/k46/Bkxng4N
wYDk5HA8XcRDxliV4nYJzeJXod3aTVWxJ5ExctmZJVThC2Z+ycYiMVznfHpzU9A8
Z/PsLzIJzO65/AEv2SVgtNV0gjotmeLHGMhyW5FnCAN8Fx3tSWI=
=MsOp
-----END PGP SIGNATURE-----
Reply to: